
How to apply Azure resource locks to Resource Groups via Policy

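I am trying to create an Azure Policy that will deploy a resource lock with the "CanNotDelete" level to the resource groups in a subscription.

Currently the policy is 100% compliant, but it has not created any locks.

I have the following in my JSON policy.rules file: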

    {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/resourceGroups"
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Authorization/locks",
          "existenceCondition": {
            "field": "Microsoft.Authorization/locks/level",
            "equals": "CanNotDelete"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/0000-0000-0000-0000-0000000"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "type": "Microsoft.Authorization/locks",
                    "apiVersion": "2017-04-01",
                    "name": "ResourceLock",
                    "properties": {
                      "level": "CanNotDelete",
                      "notes": "Prevent accidental deletion of resource groups"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }

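Managed to get it working with two changes:

  1. The if statement path - Microsoft.Resources/subscriptions/resourceGroups
  2. For some reason the managed identity was not created, which is required for the "deployIfNotExists" policy effect.

I hope this helps anyone who runs into the same problem.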
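The two fixes described above can be checked before a policy is rolled out. The following is an added example, not code from the original post: a small linter over a policy rule and its assignment, both assumed to be available as parsed JSON with the assignment carrying an `identity.type` field. The names `lint`, `type_conditions`, `QUESTION_RULE` and `ASSIGNMENT_NO_IDENTITY` are hypothetical.

```python
# Type strings that do not match resource groups in a policy "if" block,
# mapped to the form that the answer above found to work.
WRONG_TYPES = {
    "microsoft.resources/resourcegroups": "Microsoft.Resources/subscriptions/resourceGroups",
}
# Effects that deploy or change resources and so need an identity on the
# assignment. deployIfNotExists is from the page; modify is added here.
NEEDS_IDENTITY = {"deployifnotexists", "modify"}


def type_conditions(node):
    """Yield every value compared against the "type" field, at any depth."""
    if isinstance(node, dict):
        if str(node.get("field", "")).lower() == "type":
            yield from (node[op] for op in ("equals", "like") if op in node)
            yield from node.get("in", [])
        for child in node.values():
            yield from type_conditions(child)
    elif isinstance(node, list):
        for child in node:
            yield from type_conditions(child)


def lint(rule, assignment):
    """Return findings for a policyRule dict and its assignment dict."""
    findings = []
    for value in type_conditions(rule.get("if", {})):
        fix = WRONG_TYPES.get(str(value).lower())
        if fix:
            findings.append(f'if.type "{value}" should be "{fix}"')
    effect = str(rule.get("then", {}).get("effect", "")).lower()
    identity = (assignment.get("identity") or {}).get("type", "None")
    if effect in NEEDS_IDENTITY and identity.lower() == "none":
        findings.append(f"effect {effect} needs a managed identity on the assignment")
    return findings


# Constructed sample input: the question's rule (deployment template omitted)
# and an assignment that was created without an identity.
QUESTION_RULE = {
    "if": {"field": "type", "equals": "Microsoft.Resources/resourceGroups"},
    "then": {"effect": "deployIfNotExists",
             "details": {"type": "Microsoft.Authorization/locks"}},
}
ASSIGNMENT_NO_IDENTITY = {"name": "rg-lock-example", "identity": None}

if __name__ == "__main__":
    for finding in lint(QUESTION_RULE, ASSIGNMENT_NO_IDENTITY):
        print("FINDING:", finding)
```

Run against the rule from the question, it reports both problems; a rule that is "100% compliant" with zero deployments is the symptom each of them produces.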
